Re: Delegation in AD

From: Chriss3 [MVP] (noSpamHere_at_chrisse.se)
Date: 01/13/05


Date: Thu, 13 Jan 2005 19:45:56 +0100

Are there no Deny entries in the ACL, set explicitly on the OU or through
inheritance? Deny entries always override Allow. Let's say there is a Deny
for the Domain Users group; that will override the Allow entry for your
account in this case.

-- 
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"JPM" <jpm@yahoo.com> wrote in message 
news:%23JFRiGZ%23EHA.3472@TK2MSFTNGP14.phx.gbl...
> The OU has an ACL with the user - the user has FULL rights from that OU 
> and all below it.
>
>
>
> "Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message 
> news:%23kZNZwY%23EHA.2804@TK2MSFTNGP15.phx.gbl...
>> Has the user of the account logged out/in to ensure the changes took 
>> place? Click View menu in Active Directory Users & Computers, Click View 
>> Advanced Features, Right Click the particular OU, Click Properties, Click 
>> Security Tab, and ensure the account is in the Security List (ACL) and 
>> has the correct permission.
>>
>> -- 
>> Regards
>> Christoffer Andersson
>> Microsoft MVP - Directory Services
>>
>> No email replies please - reply in the newsgroup
>> ------------------------------------------------
>> http://www.chrisse.se - Active Directory Tips
>>
>> "JPM" <jpm@yahoo.com> wrote in message 
>> news:uQxqKqY%23EHA.3932@TK2MSFTNGP10.phx.gbl...
>>> We have our AD broken up by region - in their own OU.  I tried to 
>>> delegate a right to the Dallas OU to a user there, and I gave him ALL 
>>> rights (Delegations Wizard); however, he still did not have the rights. 
>>> Can someone tell me what's missing here?
>>>
>>> thx.
>>>
>>>
>>
>>
>
> 
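
The check suggested in the reply at the top of this message (look for Deny entries on the OU, explicit or inherited, that match the user or one of the user's groups), as an added PowerShell example that is not part of the original thread. It assumes a domain-joined host with the RSAT ActiveDirectory module; the OU distinguished name, the account name and the function name are placeholders.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module (AD: drive).
Import-Module ActiveDirectory

function Get-ApplicableDenyAce {
    param(
        [Parameter(Mandatory)] [string] $OuDn,           # placeholder DN of the delegated OU
        [Parameter(Mandatory)] [string] $SamAccountName  # placeholder delegated account
    )

    $user = Get-ADUser -Identity $SamAccountName

    # tokenGroups is a constructed attribute and is only returned by a base-scope
    # search. It holds the SIDs of the user's groups, nested groups included.
    $withGroups = Get-ADUser -SearchBase $user.DistinguishedName -SearchScope Base `
                             -Filter * -Properties tokenGroups
    $sids  = @($user.SID.Value)
    $sids += @($withGroups.tokenGroups | ForEach-Object { $_.Value })
    $sids += 'S-1-1-0', 'S-1-5-11'   # Everyone, Authenticated Users

    # Read the OU's DACL and keep the Deny entries whose trustee is in that SID set.
    (Get-Acl -Path "AD:\$OuDn").Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        ForEach-Object {
            $ace = $_
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $null          # trustee could not be resolved; skip it
            }
            if ($sid -and ($sids -contains $sid)) {
                [pscustomobject]@{
                    Trustee   = $ace.IdentityReference.Value
                    Rights    = $ace.ActiveDirectoryRights
                    Source    = $(if ($ace.IsInherited) { 'Inherited' } else { 'Explicit' })
                    AppliesTo = $ace.InheritanceType
                }
            }
        }
}

# Placeholder values: substitute the real OU and account.
Get-ApplicableDenyAce -OuDn 'OU=Dallas,DC=example,DC=com' -SamAccountName 'jdoe' |
    Format-Table -AutoSize
```

An empty result means no Deny entry on the OU matches the account or its groups.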

